diff --git a/grafana/Chart.yaml b/grafana/Chart.yaml index 78286a195..eea3682b9 100644 --- a/grafana/Chart.yaml +++ b/grafana/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v7.3.6 description: OpenStack-Helm Grafana name: grafana -version: 0.1.4 +version: 0.1.5 home: https://grafana.com/ sources: - https://github.com/grafana/grafana diff --git a/grafana/templates/certificates.yaml b/grafana/templates/certificates.yaml deleted file mode 100644 index 9af197df4..000000000 --- a/grafana/templates/certificates.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.certificates -}} -{{ dict "envAll" . "service" "grafana" "type" "internal" | include "helm-toolkit.manifests.certificates" }} -{{- end -}} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 8f40cb740..c04fff3a0 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -81,6 +81,13 @@ spec: key: GRAFANA_ADMIN_PASSWORD - name: PROMETHEUS_URL value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- if .Values.manifests.certificates }} + - name: CACERT + valueFrom: + secretKeyRef: + key: ca.crt + name: prometheus-tls-api +{{- end }} {{- if .Values.pod.env.grafana }} {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.pod.env.grafana | indent 12 }} {{- end }} 
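Review bot: The secret name `prometheus-tls-api` in the added `CACERT` entry is hard-coded, although this chart keeps its other secret names under `secrets:` in values.yaml. A `secretKeyRef` is resolved in the pod's own namespace and is not marked optional here, so with `manifests.certificates` true the Grafana container will not start if Prometheus runs in another namespace or names its secret differently. I would read the name from a values key and add a template comment such as `{{/* CA of the Prometheus API certificate; the secret must exist in this namespace */}}`. The flag name also deserves a second look: this commit deletes the chart's own certificates template, so `manifests.certificates` now only gates this injection. The container spec starts and ends outside the hunk.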
diff --git a/grafana/values.yaml b/grafana/values.yaml index 271b495fb..ac57c34e6 100644 --- a/grafana/values.yaml +++ b/grafana/values.yaml @@ -236,13 +236,6 @@ endpoints: public: grafana host_fqdn_override: default: null - # NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public - # endpoints using the following format: - # public: - # host: null - # tls: - # crt: null - # key: null path: default: null scheme: @@ -366,7 +359,6 @@ secrets: grafana: grafana: public: grafana-tls-public - internal: grafana-tls-api prometheus: user: prometheus-user-creds diff --git a/grafana/values_overrides/tls.yaml b/grafana/values_overrides/tls.yaml index b26fcf15c..eac7e3aa7 100644 --- a/grafana/values_overrides/tls.yaml +++ b/grafana/values_overrides/tls.yaml @@ -6,15 +6,26 @@ conf: ca_cert_path: /etc/mysql/certs/ca.crt client_key_path: /etc/mysql/certs/tls.key client_cert_path: /etc/mysql/certs/tls.crt -endpoints: - grafana: - host_fqdn_override: - default: - tls: - secretName: grafana-tls-api - issuerRef: - name: ca-issuer - kind: ClusterIssuer + provisioning: + datasources: + template: | + {{ $prom_host := tuple "monitoring" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + {{ $prom_uri := printf "https://%s" $prom_host }} + apiVersion: 1 + datasources: + - name: prometheus + type: prometheus + access: proxy + orgId: 1 + editable: true + basicAuth: true + basicAuthUser: {{ .Values.endpoints.monitoring.auth.user.username }} + jsonData: + tlsAuthWithCACert: true + secureJsonData: + basicAuthPassword: {{ .Values.endpoints.monitoring.auth.user.password }} + tlsCACert: $CACERT + url: {{ $prom_uri }} manifests: certificates: true ... diff --git a/releasenotes/notes/grafana.yaml b/releasenotes/notes/grafana.yaml index d1b29c1f0..52679c6cd 100644 --- a/releasenotes/notes/grafana.yaml +++ b/releasenotes/notes/grafana.yaml 
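Review bot: `basicAuthUser` and `basicAuthPassword` in the new datasource template in values_overrides/tls.yaml are rendered from values without quoting, so a password that contains `: ` or ` #`, starts with a YAML indicator, or looks like a number or boolean will be mis-typed or break provisioning. Pipe both through `quote`: `basicAuthUser: {{ .Values.endpoints.monitoring.auth.user.username | quote }}` and `basicAuthPassword: {{ .Values.endpoints.monitoring.auth.user.password | quote }}`. The URL is built with `printf "https://%s" $prom_host` from a hostname-only lookup, so it carries no port and presumably relies on Prometheus answering on 443, whereas `PROMETHEUS_URL` in deployment.yaml comes from a URI lookup that is given the `api` port name; this is worth confirming. `tlsCACert: $CACERT` only resolves when the environment variable added in deployment.yaml is set, so a one-line comment above it saying so would help. The `conf:` mapping this template sits in starts outside the hunk.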
@@ -5,4 +5,5 @@ grafana: - 0.1.2 Update Grafana version - 0.1.3 Provision any dashboard as homepage - 0.1.4 Enable TLS for Grafana + - 0.1.5 Enable TLS between Grafana and Prometheus ...